Analysis: Apple's too-brief Black Hat appearance

More concerned with marketing than engaging.

Last week at the Black Hat security conference, Apple got into the spirit of the Summer Olympics with a brief track and field display of its own.

The speed with which Apple's security team bolted after their first-ever Black Hat appearance was astonishing -- and possibly record-setting, if records were kept for that sort of thing.

After Dallas De Atley, manager of the platform security team at Apple, wrapped up his presentation on iOS security without inviting Q&A, dozens of Black Hat attendees made a beeline for the stage, eager for some face time.

But De Atley and other Apple employees, including Window Snyder, senior security and privacy product manager, deftly side-stepped the oncoming blitz and slipped out of the room through a side door.

The fact that Apple showed up at Black Hat, after pulling out of the 2008 event at the last minute, is a sign of progress.

Yet in the wake of De Atley's presentation -- a verbatim rehash of the iOS security paper Apple released in May -- many Black Hat attendees were left with the impression that Apple's appearance was motivated more by marketing concerns than by a genuine desire to engage with security researchers.

"It would have been good to hear them say, here is where we're going next with iOS, and here is how we are going to lock it down some more in the next version," said Charlie Miller, principal research consultant for Accuvant Labs.

Apple has woven a strong web of hardware- and software-based security around iOS, one that has, so far, managed to keep malware off its customers' devices.

That said, anyone who expected De Atley to field researchers' questions about Apple's iOS security approach probably still believes in the Tooth Fairy.

For all the recent advances Apple has made in security, it still exhibits a distinct mistrust of researchers.

Last November, Apple kicked Miller out of its developer program for a year after discovering he had posted a proof-of-concept app to the App Store to demonstrate a flaw in Apple's code signing process for iOS apps.

Apple's dealings with security researchers

In April this year, when researchers from Russian antivirus vendor Dr. Web notified Apple about its discovery of the Flashback botnet, Apple ignored them. Later, Apple tried to have one of Dr. Web's test servers shut down, apparently mistaking it as part of the botnet.

Andrew Plato, president of Anitian Enterprise Security, says Apple eventually will have to embrace the research community, at least at some level.

"Apple would be wise to find a way to do some smaller, more intimate discussions where they can field serious questions and engage the community in a proactive manner," Plato told CRN.

So what exactly did Apple hope to gain by taking part in Black Hat this year?

If Apple thought that showing up and giving a Powerpoint presentation of previously released material was going to impress researchers, it was wrong. Sniffing out subterfuge is what many Black Hat attendees do for a living, which is why audible sighs -- and even a few exasperated groans -- were heard as De Atley gave his talk.

Apple has made progress in security and continues to build for the future by hiring top security talent. Other decisions, such as adding automatic updates to OS X and giving up control over Java updates to Oracle, show that Apple is able to adjust to the realities of the security marketplace.

Apple is currently in broadcast-only mode with the security research community, and we'll have to wait until next year's Black Hat to see if it is also ready to start listening.

Please check your email

A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.

If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.